|
171
|
7.5 |
HIGH
Network
|
openvm
|
openvm
|
OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theor…
New
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-46669
|
2026-06-13 04:38 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
172
|
4.6 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is rendered in the confirmation dialog without proper o…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-46609
|
2026-06-13 04:34 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
173
|
6.1 |
MEDIUM
Network
|
umbraco
|
umbraco_cms
|
Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor t…
Update
|
CWE-601
Open Redirect
|
CVE-2026-46616
|
2026-06-13 04:34 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
174
|
8.8 |
HIGH
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template inj…
New
|
CWE-94
Code Injection
|
CVE-2026-50223
|
2026-06-13 04:30 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
175
|
7.8 |
HIGH
Local
|
microsoft
|
pc_manager
|
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
Update
|
CWE-284
Improper Access Control
|
CVE-2026-49161
|
2026-06-13 04:30 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
176
|
9.8 |
CRITICAL
Network
|
vmware
|
spring_for_graphql
|
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can craft a malicious GraphQL request that can lead to Remote Code Exec…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41699
|
2026-06-13 04:28 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
177
|
8.1 |
HIGH
Network
|
microsoft
|
teams
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
Update
|
CWE-74
Injection
|
CVE-2026-42835
|
2026-06-13 04:28 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
178
|
8.2 |
HIGH
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
acrobat
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the cu…
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-47937
|
2026-06-13 04:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
179
|
5.5 |
MEDIUM
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
acrobat
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this v…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-47926
|
2026-06-13 04:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
180
|
5.5 |
MEDIUM
Local
|
adobe
|
acrobat_dc
acrobat_reader_dc
acrobat
|
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could…
Update
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-47925
|
2026-06-13 04:23 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
